Polymarket Autopilot

Security checks across malware telemetry and agentic risk

Overview

The skill presents itself as a Polymarket trading autopilot, but the available evidence shows mock reporting behavior plus under-scoped Discord posting and command-execution risk.

Review before installing. Treat this as a mock Discord reporting/demo skill unless the publisher updates the artifacts to accurately describe the behavior, removes hardcoded personal paths and channel IDs, avoids shell-built command execution, and clearly explains any financial, Discord, and paper-vs-live trading implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Severity: Medium (94% confidence)
Finding
The skill metadata and feature list claim automated paper trading and strategy execution, but the documented invocation only describes fetching market data, analyzing trends, generating a report, and posting to Discord. This mismatch can mislead users and downstream agents about the skill's real capabilities, causing unsafe reliance on non-existent trade execution or risk controls in a financial context.

Intent-Code Divergence

Severity: Medium (93% confidence)
Finding
The documentation markets the skill as performing automatic trading, stop-loss, take-profit, and portfolio management, yet the concrete usage section only shows a reporting workflow. In a trading skill, this discrepancy is dangerous because users may assume positions are being managed or protected when no such controls are actually described.

Description-Behavior Mismatch

Severity: High (96% confidence)
Finding
The skill metadata and behavior materially misrepresent its capabilities: it claims automated paper trading, trend monitoring, portfolio management, and trade execution, but the script only generates a mock report from hardcoded data and posts it to Discord. In an agent ecosystem, this kind of deceptive capability claim is dangerous because operators may grant trust, automation privileges, or make financial decisions based on fabricated outputs.

Intent-Code Divergence

Severity: High (95% confidence)
Finding
The header comment asserts functionality such as fetching Polymarket data and managing a portfolio, but the implementation uses only static sample data and does not perform those actions. This is a security-relevant integrity issue because misleading internal documentation can cause reviewers, users, or downstream agents to overtrust the script and mishandle financial or operational workflows.

Missing User Warnings

Severity: Medium (88% confidence)
Finding
The skill describes automated monitoring, trading-related behavior, and Discord delivery without clear warnings about financial consequences, account/API-key handling, or disclosure of potentially sensitive trading data to third-party channels. In a finance-oriented automation context, missing consent and risk warnings increase the chance of unintended account exposure, data leakage, or users misunderstanding the consequences of enabling the skill.

VirusTotal

No VirusTotal findings
